Sans researcher Adrien de Beaupre said that at least one of the sites disguises the attack as a .jpg file. The file contains no image, but loads a script which runs the attack and attempts to install a malicious payload.

Symantec said that the attack appears to be occurring on fully patched machines. The company said that it is working with Adobe on the incident.

Users are advised to disable the Flash plug-in on their browsers or limit its use to trusted sites.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.